Using API

In Kayako, JWT tokens intended for single sign-on can also be used to access the API service. This is useful if, for example, you want to embed some part of Kayako functionality into the web application that acts as your SSO service.

This technique can be described as JWT authentication. To use this authentication scheme, the API client must include the JWT token in its API request.

JWT authentication for the API requires JWT SSO to be enabled for the agent portal if the authenticated user is an agent, and for the help center if the authenticated user is a customer.

JWT authentication

To authenticate, supply the JWT token in the Authorization HTTP header with the Bearer scheme, as follows:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NjQyODU3MTQsImp0aSI6IjF0RUMzTlJpYXhQblJvMGdCMDNZR0d0NXhVbVVoTExtIiwiZW1haWwiOiJqb3JkYW4ubWl0Y2hlbGxAYnJld2ZpY3R1cy5jb20iLCJuYW1lIjoiSm9yZGFuIE1pdGNoZWxsIiwicm9sZSI6ImFkbWluIn0.0N9G862lfuLdyeom8_t9VqyF35UUFY78EBDUsy5oXgI

Alternatively, you can use the _jwt argument.

Payload

By default, the API service assumes that the role of a user authenticated using JWT is customer. If that is not true, the API service returns an error. It is therefore recommended that the role claim always be included in the JWT payload when the token is used to access the API.

See also Payload.
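
The following is an added example, not code from Kayako: it mints an HS256 token with the same claim names as the sample token above (iat, jti, email, name, role), refuses to omit the role claim, and builds the Authorization header. The shared secret, the user details and the helper names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used by JWT."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mint_token(secret: bytes, email: str, name: str, role: str, now=None) -> str:
    """Build an HS256 JWT carrying the claims seen in the sample token."""
    if not role:
        # Without a role claim the API assumes "customer" and errors otherwise.
        raise ValueError("role claim must be set explicitly")
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {
        "iat": int(time.time() if now is None else now),
        "jti": secrets.token_urlsafe(24),  # unique token id, new for each token
        "email": email,
        "name": name,
        "role": role,
    }
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def decode_claims(secret: bytes, token: str) -> dict:
    """Check the HS256 signature in constant time and return the payload."""
    signing_input, _, sig = token.rpartition(".")
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256)
    if not hmac.compare_digest(_b64url(mac.digest()), sig):
        raise ValueError("bad signature")
    body = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


# Constructed sample values; the secret is a placeholder, not a real key.
SECRET = b"replace-with-your-shared-secret"
TOKEN = mint_token(SECRET, "agent@example.com", "Example Agent", "agent", now=1464285714)
HEADERS = {"Authorization": "Bearer " + TOKEN}
```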